HttpsURLConnection

Class Overview

An HttpURLConnection for HTTPS (RFC 2818). A
connected HttpsURLConnection allows access to the
negotiated cipher suite, the server certificate chain, and the
client certificate chain if any.

Providing an application specific X509TrustManager

If an application wants to trust Certificate Authority (CA)
certificates that are not part of the system, it should specify its
own X509TrustManager via a SSLSocketFactory set on
the HttpsURLConnection. The X509TrustManager can be
created based on a KeyStore using a TrustManagerFactory to supply trusted CA certificates. Note that
self-signed certificates are effectively their own CA and can be
trusted by including them in a KeyStore.

It is possible to implement X509TrustManager directly
instead of using one created by a TrustManagerFactory. While this is straightforward in the insecure
case of allowing all certificate chains to pass verification,
writing a proper implementation will usually want to take advantage
of CertPathValidator. In general, it might be better to write a
custom KeyStore implementation to pass to the TrustManagerFactory than to try and write a custom X509TrustManager.

Providing an application specific X509KeyManager

A custom X509KeyManager can be used to supply a client
certificate and its associated private key to authenticate a
connection to the server. The X509KeyManager can be created
based on a KeyStore using a KeyManagerFactory.

A X509KeyManager can also be implemented directly. This
can allow an application to return a certificate and private key
from a non-KeyStore source or to specify its own logic for
selecting a specific credential to use when many may be present in
a single KeyStore.

TLS Intolerance Support

This class attempts to create secure connections using common TLS
extensions and SSL deflate compression. Should that fail, the
connection will be retried with SSLv3 only.